banks

Thus far, it seems like the large banks are fending off digital disruption, perhaps embracing some of it on their own. The Economist takes a look:

“Peer-to-peer lending, for instance, has grown rapidly, but still amounted to just $19bn on America’s biggest platforms and £3.8bn in Britain last year”

“last year JPMorgan Chase spent over $9.5bn on technology, including $3bn on new initiatives”

From a similar piece in the NY Times: “The consulting firm McKinsey estimated in a report last month that digital disruption could put $90 billion, or 25 percent of bank profits, at risk over the next three years as services become more automated and more tellers are replaced by chatbots.”

But: “Much of this change, however, is now expected to come from the banks themselves as they absorb new ideas from the technology world and shrink their own operations, without necessarily losing significant numbers of customers to start-ups.”

Back to The Economistpiece: “As well as economies of scale, they enjoy the advantage of incumbency in a heavily regulated industry. Entrants have to apply for banking licences, hire compliance staff and so forth, the costs of which weigh more heavily on smaller firms.”

Regulations and customer loyalty are less in China, resulting in more investment in new financial tech in Asia:

As another article puts it: “China has four of the five most valuable financial technology start-ups in the world, according to CB Insights, with Ant Financial leading the way at $60 billion. And investments in financial technology rose 64 percent in China last year, while they were falling 29 percent in the United States, according to CB Insights.”

Why? “The obvious reason that financial start-ups have not achieved the same level of growth in the United States is that most Americans already have access to a relatively functional set of financial products, unlike in Africa and China.”

Fixing legacy problems with new platforms, not easy

Mainframes are a problem, as a Gartner report from last year puts it: “The challenge for many of today’s modernization projects is not simply a change in technology, but often a fundamental restructuring of application architectures and deployment models. Mainframe hardware and software architectures have defined the structure of applications built on this platform for the last 50 years. Tending toward large-scale, monolithic systems that are predominantly customized, they represent the ultimate in size, complexity, reliability and availability.”

But, unless/until there’s a crisis, changes won’t be funded: “Banks need to be able to justify the cost and risk of any modernization project. This can be difficult in the face of a well-proven, time-tested portfolio that has represented the needs of the banking system for decades.”

Sort of in the “but wasn’t that always the goal, but from that same article, Gartner suggests the vision for new fintech: ‘Gartner, Hype Cycle for Digital Banking Transformation, 2015, says, “To be truly digital, banks must pair an emphasis on customer-facing capabilities with investment in the technical, architectural, analytic and organizational foundations that enable participation in the financial services ecosystem.”’

Case studies

A bit correlation-y, but still useful, from that BCG piece: “While past performance is no guarantee of future results, and even though all the company’s results cannot be entirely attributed to BBVA’s digital transformation plan, so far many signs are encouraging. The number of BBVA’s digital customers increased by 68% from 2011 to 2014, reaching 8.4 million in mid-2014, of which 3.6 million were active mobile users. Because of the increasing use of digital channels and efforts to reconfigure the bank’s branch network—creating smaller branches that emphasize customer self-service and larger branches that provide higher levels of personalized advice through a remote cross-selling support system—BBVA achieved a reduction in costs of 8% in 2014, or €340 million, in the core business in Spain. Meanwhile, the bank’s net profits increased by 26% in 2014, reaching €2.6 billion.”

And a more recent write-up of JPMC’s cloud-native programs, e.g.: ‘“We aren’t looking to decrease the amount of money the firm is spending on technology. We’re looking to change the mix between run-the-bank costs versus innovation investment,” he said. “We’ve got to continue to be really aggressive in reducing the run-the bank costs and do it in a very thoughtful way to maintain the existing technology base in the most efficient way possible.” …Dollars saved by using lower-cost cloud infrastructure and platforms will be reinvested in technology, he said.’ JPMC, of course, is a member of the Cloud Foundry Foundation which means, you know, they’re into that kind of thing.

Commonwealth Bank of Australia, for instance, replaced its core banking platform in 2012 with the help of Accenture and software company SAP SE. The job ultimately took five years and cost more than 1 billion Australian dollars ($749.9 million).

Being conservative, multiply $500m across the top 20 banks, and you’ve got $10bn, using $749.8m directly, you get much closer to $15bn.

Like most large U.S. banks, JPMorgan Chase has had some version of a private cloud for years, with virtualized servers, storage and networks that can be shared in a flexible way throughout the organization.

The bank is upgrading its private cloud to “platform as a service” — in other words, the cloud service will manage the infrastructure (servers, storage, and networks), so that developers don’t have to worry about that stuff.

On the multi-/hybrid-cloud thing:

By the second half of 2017, the bank plans to run proprietary applications on the public cloud. At the same time, it’s building a new, modern internal cloud, code-named Gaia.

While “hybrid-cloud” has been tedious vendor-marketing-drivel over the past ten years, pretty much all of the large organizations I work with at Pivotal have exactly this approach. Public, private, whatever: we want to do it all.

Shifting their emphasis innovation:

“We aren’t looking to decrease the amount of money the firm is spending on technology. We’re looking to change the mix between run-the-bank costs versus innovation investment,” he said. “We’ve got to continue to be really aggressive in reducing the run-the bank costs and do it in a very thoughtful way to maintain the existing technology base in the most efficient way possible.” …Dollars saved by using lower-cost cloud infrastructure and platforms will be reinvested in technology, he said.

On appreciating the scale of “large organizations” that drive their very real challenges with adopting new ways of running IT:

On security, there’s a nice, almost syllogistic re-framing of “cloud security here”:

For years, banks have worried about using the public cloud out of security concerns and fears of what their regulators will say. Ever since the 2013 Target data breach, in which hackers stole card information from 40 million customers by breaking into the computers of an air conditioning company Target used, regulators have strongly urged banks to carefully vet and monitor all third parties, with a specific focus on security.

…

“We’re spending a significant amount of time to ensure that any applications we choose to run on a public cloud will have the same level of security and controls as those run internally,” Deasy said.

Most notable corporate security breeches over the year have involved on-premises IT (like the HVAC example above). The point is not to make sure that “cloud is as secure as [all that on-prem IT that’s been the source of most security problems in the past], but to make sure that all IT has a rigorous approach to security. “Cloud” isn’t the security problem, doing a shitty job at security is the security problem.

CardGuard provides additional protection against fraud, since customers are able turn their debit card “on” or “off.” When the card is “off,” no withdrawals or purchases will be approved, with the exception of previously authorized or recurring transactions. Additionally, transaction controls can be set according to location, meaning transactions attempted outside of the geographic parameters set by the customer will be declined.

Also:

With CardGuard, customers are able to better manage their spending by establishing limits for debit card purchases based on the amount of the transaction. Additional controls can be set to manage spending in different categories by enabling or disabling transactions for certain merchant groups, such as gas, grocery or retail stores.

This a good parable on what can go wrong in large organizations when incentives are not working as planned.:

But the reality seems to be messier and more boring: Wells Fargo wanted its employees to push lots of real accounts, it asked too much of them, and the employees rebelled by opening fake accounts to get the bosses off their backs. The fake accounts weren’t profitable for Wells Fargo, and no rational executive would have wanted them, which is why Wells Fargo kept telling the employees not to open them. But the employees did anyway because they felt like they had no other choice. It was not an evil high-level plot. It was just dumb. It was a form of employee resistance that was channeled into fraud by bad incentives and bad management. There is a limit on how many times you can ask a guy in a hearing “this thing you did was pretty dumb, wasn’t it?” Though look for the Senate Banking Committee to test that limit.

Knowing very little about the details, back in IT-land problems like this usually mean the culture needs some tweaking.

According to the bank, the built-in automation of Pivotal’s cloud platform allows it to focus on delivering differentiated value, instead of being caught up with systems management and IT resource procurement. This means that DBS will be able to quickly deliver services, as well as build and update next-generation applications in order to deliver a better banking experience to users.

After 15 years of useful life, CORBA is currently being retired and replaced with Web services. It’s interesting to see that many of the initial performance challenges have appeared again with the switch to the new technology.

Later on:

It took four years from the strategic decision until the whole organization was fully committed to the plan. This is because it takes a while to fully deploy complex middleware technology in an environment that’s sensitive to performance, stability, and security. The real challenge has been the stamina and governance needed to make this strategic decision pervasive—it took 10 years before everybody accessed the mainframe through the service layer. We debated whether this is unusually slow, but we’re now convinced that this is normal for this kind of organization and application landscape. On the business side, the SOA approach has helped revolutionize user interfaces. Nobody accesses the mainframe through terminal screens anymore. Credit Suisse has built several Internet channels on top of the service layer, from a simple electronic banking application in the beginning to today’s sophisticated mobile banking.

And, the thrilling conclusion:

Looking back over 15 years of enterprise service architecture at Credit Suisse, we’ve learned a few lessons. First, deep architectural changes in large companies take longer than most people think. The reason for this is because most projects are risk-averse and only want to adopt a proven approach. Proving a new approach plus the time lag between design decisions and implementation completion adds up to three to four years. After that, depending on the rollout strategy, it could take several years to fully implement a strategy. Patience and stamina are absolutely necessary for success in this field. If your CIO wants to see results within a quarter, SOA or other enterprise architecture approaches aren’t worth pursuing. Second, when thinking about SOA, technology on an enterprise scale is a nontrivial prerequisite, but it’s the easier part. Orchestrating the entire organization around SOA, providing a proper semantic framework to create a common language across the organization, and implementing the necessary governance processes are the harder parts, in our opinion.

Bank of America made the decision to slide the bulk of its backend computing systems to the cloud in 2013, and wants to have 80 per cent of its systems running in off-premises data centers within the next three years. Last year it spent over $3bn on new computing kit.